Floxif

Floxif is a Trojan that for the time being was distributed with Ccleaner’s installers. Ccleaner is a popular PC cleaner and optimization tool developed by Piriform that was just acquired by Avast. According to the Avast announcement, the cyber criminals may have already begun hacking into Piriform systems right before the acquisition, and the malware managed to operate without being noticed for some time after the purchase. Luckily, specialists from another security company learned about what happened and informed the Avast team about it. Further, in the text, we will explain more of what happened next and the malicious application itself. Also, we will explain what is recommended to do if you installed Ccleaner while its setup file was infected with Floxif, so if you think you may have received this threat, we encourage you to read the rest of the article and have a look at the deletion instructions if you feel you need some guidance.

It took some time for Avast and Piriform teams to determine the threat and find out how Floxif managed to infect their product’s installer unnoticed. Apparently, the file carrying the Trojan was signed while using a valid digital certificate. Specialists say the hackers may have gotten hold of the certificate if the signing process was compromised, which means if precautions are taken in the future this should not happen again. Moreover, while researching the malicious application, it was discovered it can affect only 32-bit systems. As for other systems, the malware should be downloaded with the infected setup file too, but it would not be executed when it is launched as it happened only if the user was running a 32-bit system.

Furthermore, it is important to mention, the Trojan affected just the Ccleaner 5.33 version, and the corrupted setup files were available from August 15 and up to four weeks. Therefore, if you downloaded the application before or after this period, your system should be safe. At first, it was thought there were much more users who received the malicious application, but later it was determined that only approximately 2.27 million of users downloaded the infected setup files and installed Floxif along with Ccleaner 5.33. The threat is considered to be a Trojan and a backdoor. It means the malware may have had capabilities of downloading more harmful applications on the system, although specialists from Avast do not think the cyber criminals were able to use this feature.

After being installed, Floxif worked as a keylogger. In other words, it was able to record various information about the infected device. For instance, the malware could record the device’s name, names of applications installed on it, active processes, user’s login information, and some other similar data. Besides the stolen information, specialists did not notice the Trojan could do any direct damage to the system, and fortunately, the Avast team reacted early and because of the actions they took the server used by the malicious application was taken down. What’s more, they released an update to help users delete the threat without erasing the tool. Even if the Trojan is no longer active, users are still advised to make sure it is removed if they downloaded Ccleaner during the time the distributed installers were infected with Floxif.

No doubt, keeping a malicious application on the system is never a good idea even if it may not have the means to do harm anymore, so if you think you might have been one of the 2.27 million users who downloaded the infected installed we urge you not to take any chances and get the newest update as soon as possible. Additionally, it is recommendable to check the system in case there could be other possible threats; as for more suggestion have a look at the instructions located below. Lastly, if you do not use security tools yet, it would be wise to consider acquiring one; you may yet encounter even more dangerous malware in the future; thus, it seems to us, if you wish to avoid it, you should do all you can to keep the computer protected.